PT-2026-48929
Name of the Vulnerable Software and Affected Versions: NanaZip versions 3.0.1000.0 through 6.0.1697.0 Description: A heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a bounds check allows an...
CVE-2026-44926
InfoScale CmdServer before 7.4.2 mishandles access control...
EUVD-2026-31133
InfoScale CmdServer before 7.4.2 mishandles access control...
Oracle Linux 8 : libxml2 (ELSA-2026-11349)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11349 advisory. - Fix CVE-2025-9714 RHEL-119279 - Fix CVE-2025-32415 RHEL-100177 - Fix CVE-2025-7425 RHEL-102797 - Fix CVE-2025-6021 RHEL-96498 - Fix CVE-2025-49794 RHEL-96398...
Release Information for Dell SC Series Plug-In for Veeam Backup & Replication
This plug-in leverages the Veeam Universal Storage API, which enables storage OEMs to allow Veeam Backup & Replication integration to the arrays for backup and replication jobs. Requirements Before installing Dell SC Series Plug-In v1.0.211, ensure that you are running Veeam Backup & Replication...
Linux Distros Unpatched Vulnerability : CVE-2025-21605
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited...
BIT-LIBPHP-2020-7059 OOB read in php_strip_tags_ex
When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...
WordPress plugin Shortcodes Ultimate cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2021-32742
Vapor is a web framework for Swift. In versions 4.47.1 and prior, a bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently...
CVE-2025-26994
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite allows Stored XSS. This issue affects Zigaform – Price Calculator & Cost Estimation Form Builder Lite: from n/a through...
WordPress plugin Zigaform – Form Builder Lite cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-6577 · WordPress · Zigaform – Price Calculator & Cost Estimation Form Builder
Name of the Vulnerable Software and Affected Versions: Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress versions up to, and including, 7.4.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'zgfm fvar' shortcode due to...
Alvaria Unified IP Unified Director security vulnerability
Alvaria Unified IP Unified Director is a multichannel unified communications platform from Alvaria, Inc. that is primarily used for contact center management and customer interaction management. A security vulnerability exists in Alvaria Unified IP Unified Director prior to version 7.4 SP2, which...
ALPINE-CVE-2024-51741
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2...
Image Access Scan2Net security vulnerability
Image Access Scan2Net is a scanning software from Image Access Germany. A security vulnerability exists in Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and 7.42B and earlier, which stems from a password change feature that does not require a current or old password, which...
CVE-2024-25156
A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients...
PT-2023-29203 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.2 through 7.4.3.53 Liferay DXP 7.4 before update 54 Description: The issue concerns multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components. These vulnerabilities allow remote attackers ...
PT-2022-25851 · Liferay · Liferay Portal
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.0.0 through 7.4.2 Description: The issue is related to an insecure default in the auth.login.prompt.enabled component, which allows attackers to enumerate usernames, site names, and pages. Recommendations: For Lifera...
Liferay Portal path traversal vulnerability
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and more. A security vulnerability exists in Liferay Portal...